CVE-2007-4575 — Code Injection in Hsqldb

CWE-94 — Code Injection8 documents7 sources

Severity

9.3CRITICALNVD

EPSS

6.3%

top 8.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Hsqldb Openoffice

Timeline

PublishedDec 6

Latest updateMay 1

Description

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/hsqldb< hsqldb 1.8.0.9-1 (bookworm)

▶NVDopenoffice/openoffice2.3+9

Patches

Patch: secunia.com ↗Patch: www.openoffice.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-583w-wjg4-5w8f: HSQLDB before 1↗2022-05-01

▶

OSV

CVE-2007-4575: HSQLDB before 1↗2007-12-06

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2008-05-06

▶

Red Hat

OpenOffice.org-base allows Denial-of-Service and command injection↗2007-12-04

▶

Debian

CVE-2007-4575: hsqldb - HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows us...↗2007

▶

💬Community

Bugzilla

CVE-2007-4575 OpenOffice.org-base allows Denial-of-Service and command injection↗2007-09-21

▶

Bugzilla

CVE-2007-4575 HSQLDB DoS and information disclosure↗2007-09-20

▶